SOC Analyst (0111)
Sector: Security Operations
We are working closely with a leading MSSP that offers excellence in Cyber Security. Our client has created an unrivalled service for all things cyber and is working towards a centre of excellence for its customers by building an amazing place to work, learn and develop.
You will be responsible for the management, response and/or escalation of security incidents received from the CSOC Analysts. You will need to ensure that regular reviews are conducted, prioritize incidents, and review the severity and classification of work for the security incidents in progress. You will have the confidence to determine how to treat a security incident and assign it a severity level based on business impact. You will have the responsibility to close the security incident or escalate it to the Head of Incident Response.
• Provide oversight and guidance to junior analysts
• Perform event and incident analysis, including baseline establishment and trend analysis
• Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity
• Identify training needs for the junior analysts
• Ensure that all identified events are promptly validated and thoroughly investigated
• Improve and develop new content based on observed and measured SOC activity
• Manage incidents up to the preliminary forensics processes
Background & Experience
• Familiarity with the MITRE ATT&CK Framework
• Strong interpersonal and communication skills with the ability to lead and work as part of a team
• Team-oriented and skilled in working within a collaborative environment
• Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
• Splunk, Splunk ES, Elastic, Windows Defender ATP, McAfee Endpoint Security etc.
• Email Protection, IR Workflow & Automation and Vulnerability Assessment
• Threat Intelligence, Network (& Malware) Analysis, Web Proxy and DLP
• Understanding of how virtualization, operating systems, middleware, software development engineering and network protocols function
• Knowledge of security policy and technical standard development, secure infrastructure design reviews, multi-tiered trust zone structures, and complex networking across multi-level network security structures
• Proven analytic and problem-solving abilities
• Familiarity with reverse engineering techniques
• Understanding of the behaviour and capabilities of malware, rootkits, etc.
• Experience in a SOC or incident response environment
• SANS or CREST Certification, GCIH (preferred), CEH, OSCP, Security+, CISSP
• Scripting experience: Python, PowerShell, etc.
• SC Clearance